{"id":8792,"date":"2020-10-18T13:41:41","date_gmt":"2020-10-18T20:41:41","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8792"},"modified":"2023-03-03T14:22:16","modified_gmt":"2023-03-03T21:22:16","slug":"oct-7-csw-patch-watch-security-updates","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/oct-7-csw-patch-watch-security-updates\/","title":{"rendered":"Oct 7: CSW Patch Watch & Security Updates"},"content":{"rendered":"
<p><strong>In our Oct 7 edition of Patch Watch, 13 vendors (Apple, Cisco, IBM, Red Hat, Dell, Android and others) released 93 patches, hotfixes and security updates. Notable callouts are 13 weaponized vulnerabilities with known exploits and 11 old vulnerabilities (2015 – 2019) that are getting patches only now (two vulnerabilities are ranked critical, and one of them has a known exploit).<\/strong><\/p>\n
<p>Read on to know what you need to patch first and why…<\/p>\n
<ul>\n
<li><p>8 CVEs are associated with Remote Code Execution (RCE).<\/p><\/li>\n
<li><p>CVE-2020-8166 is a medium-severity Cross-Site Request Forgery (CSRF) vulnerability with a CVSS score of 4.3; CSRF forces an end user to carry out unwanted actions on a web application.<\/p><\/li>\n
<li><p>3 CVEs are associated with Denial of Service (DoS), which renders an online service unavailable to its intended users.<\/p>\n
<ul>\n
<li><p>CVE-2020-4414 (Medium Severity & CVSS Score 5.1)<\/p><\/li>\n
<li><p>CVE-2020-25220 (High Severity & CVSS Score 7.8)<\/p><\/li>\n
<\/ul>\n
<\/li>\n
<\/ul>\n